What’s new in Log Analytics?

Latest updates from https://docs.loganalytics.io/docs/Language-Reference/Change-log

Jan 7, 2018

New functions & operators:
- funnel_sequence_completion plugin
- strcat_array()
- todecimal()
- url_decode()
- url_encode()
- parse_xml()

Other changes:
- format_timespan() documentation updated
- funnel_sequence plugin documentation updated
- reduce operator documentation updated

Older updates

In this post I mentioned the Analytics Home Page. This page also shows the high level updates to the platform such…


Azure Log Analytics: Queries, the basics explained – Part 4

I’ll finish with some more examples, building on what we discussed in part 3.

SecurityEvent
| where Account has "Clive"   // has is a best practice rather than contains
| project Account, Computer, EventID, EventSourceName
// now I’ve selected a few columns of data I think are useful to reduce the noise
//or…


Azure Log Analytics: Queries, the basics explained – Part 3

Sometimes, unlike post 2, you may not know where to start, but hopefully you know some piece of data to search on. An example I often use is a person’s name; I’ll use my own. Search can look through a lot of data, so you may want to scope the time to a period you…


Azure Log Analytics: Queries, the basics explained – Part 2

Now that we have opened our first tab for producing a query in part 1, let’s look at some other capabilities. I mentioned Schema in the last post; it’s a good way of finding which types of data you may have and what solutions. From my workspace you can see the variety of Solutions I…


Azure Log Analytics: Queries, the basics explained – Part 1

Sometimes I’m guilty of jumping into the deep end and skipping the basics. Update: This post ended up in four parts: Part1 Part2 Part3 Part4 I spend all my time in the Advanced Analytics portal, as originally Log Search was a single line syntax. I much prefer multi-line syntax: Perf | where TimeGenerated >= ago(2h)…


Azure Log Analytics: Finding CPUs with perf counters

Today I saw a question on how to find the count of CPUs that a server has; maybe you need this for licensing or maybe just for inventory purposes. I remember looking at this before… The easiest way I’ve found (unless you know different) was to convert a syntax I used in the old query language…


Azure Log Analytics: Disk Space Usage–Part1

Often for customer demos I show this particular example or get questions as it’s pinned to my Azure Dashboard – it’s the first thing you see. UPDATE 17th May 2018: I’ve now added a Part 2 to this post, please go here for that Part 2: https://blogs.msdn.microsoft.com/ukhybridcloud/2018/05/17/azure-log-analytics-disk-space-usage-part-2/ Performance counters are a great source of performance…


Azure Log Analytics: Linux Groups

Earlier today I needed to look for some specific Linux machines, and a process name in Syslog. If you happen to have a naming convention that enables a startswith or endswith or even a contains, then it’s reasonably easy to find this info, e.g. However I wanted to make sure it was a Linux server…


Great to see OMS NPM now supports ExpressRoute

Please see here for more info: https://azure.microsoft.com/en-us/blog/monitoring-of-azure-expressroute-in-preview/ Start monitoring today This capability is in preview in West Central US and West Europe Azure regions and should be available in Eastern US and South East Asia in a week. You can enroll in the preview by sending us your workspace information. For more information, please visit…


Free Azure learning resources for Customers and partners

The Azure Learning team has published a set of free learning paths for customers and partners: http://aka.ms/learnazure The best way to review this is through this short video (2:22 minutes)